A vulnerability was found in GoodLayers Tourmaster Plugin up to 5.4.5 on WordPress. It has been declared as critical. Affected is an unknown function. Such manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).
This vulnerability is documented as CVE-2025-69133. The attack can be executed remotely. There is not any exploit available.